Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 834
    • Issues 834
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 5
    • Merge requests 5
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #14970
Closed
Open
Issue created Feb 20, 2015 by Georg Koppen@gkDeveloper

Don't allow third parties to block our own Tor Browser extensions

Right now we ship Torbutton and Tor Launcher and take care that we alone can make updates and that these updates take effect when they need to. But that might change if all extensions need to get signed beforehand by Mozilla to be accepted by the underlying browser (see: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/).

The easy solution would be to just disable that feature entirely in Tor Browser (either by flipping a preference or a build switch) but I think we should be smarter here and use the signing requirement for extensions not written by us but exempt our add-ons from it.

The tracking bug is: https://bugzilla.mozilla.org/show_bug.cgi?id=1047239

Marking this for ESR 45 as it won't take effect in ESR 38.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking